14.2: Security Issues for Online Testing
-
- Last updated
- Save as PDF
Security Issues in A Computer Lab Setting
In this section, I focus on the WebCT CE 4.x Quiz Tool and on issues related to administering a closed-book quiz/exam in a computer lab. I do not cover all issues of setting-up and running a WebCT quiz in a computer lab, I only consider certain security issues not covered in most reference material on WebCT. As well, even though you may use a different platform than WebCT, many of the issues discussed here are similar for most of the learning management systems (LMSs). In the following discussion it is assumed that the person monitoring the quiz/exam has access to a computer workstation in the lab.
The Submissions page provides a wealth of information about a quiz. The page informs the instructor if the quiz is “In progress”, “Not taken”, “Not graded”, or “Partial”. The first two labels are self-explanatory. The last label means that some of the questions in the quiz are not marked. This happens when there are machine gradable questions mixed with short answer or paragraph type questions. The latter question types must be manually marked by a human. The “Not graded” label means that the student either quit the quiz without properly submitting the quiz for grading or the designer configured the quiz so that it either must be manually graded or it must be manually submitted for grading. Clicking a Submissions no. opens the quiz of any student, whether submitted or not. In WebCT, you can view the quiz while it is being completed by the student, before it is even submitted. In fact, the designer can force the quiz to be submitted while it is still being completed, so be careful when accessing live quizzes.
Though the Submissions view does provide information about a quiz, and allows some monitoring of the quiz environment, computer labs should also be equipped with either a secure browser or computer monitoring software such as NetSupport to protect the security of the quiz environment. Preferably a lab would have both features; neither by itself ensures absolute security. Together, these tools give a high level of security. Nevertheless, even if both these security tools are implemented, you should still consider restricting the IP address of work stations (more on this below in the Quiz Settings).
You can also increase the magnification of the collective class screen. The following demonstrates that it is possible to create other views of the workstations in the lab, which are easy to tab between. You can create a tabbed view of all workstations, of the workstations for only the class, or of the workstations that are only doing the quiz (I frequently allow other students in the lab who are not completing the quiz). The fewer the number of stations monitored the greater the magnification possible to view all stations at once.
Using A Secure Browser
As well, by setting your quizzes a certain colour it is easy to spot workstations that are accessing material that is not part of the quiz. You can do a screen capture of any suspicious workstation, to act as evidence of violation of the rules of the exam setting.
Using Excel with WebQuery
I have up to 200 students registered in a WebCT course. Even though the class breaks down into 24 students per lab/quiz, which is quite manageable, the Submissions screen does not provide an easy way to isolate the specific 24 students taking a quiz; you must view all 200 student accounts at once. It is very difficult to monitor the 24 students taking a quiz when the Submissions screen lists 200, and the 24 are scattered throughout the 200. This is especially a problem if students are assigned to the labs non-alphabetically (the Submissions screen sorts students alphabetically by Last Name only). However, you can use the WebQuery feature of an Excel spreadsheet to assist in the monitoring. All data on any WebCT page can be grabbed by an Excel WebQuery.
This screen capture displays an Excel spreadsheet, in which I wrote macros and formulas to analyze the data pulled from the Submissions page. Excel has tools that allow you to continuously update the data being generated from WebCT. With WebQuery you are basically creating a real-time Excel window into the Submissions page of your WebCT Quiz. Excel WebQuerys can be used to mine data for a variety of different purposes in WebCT; they are exceptionally useful.
Configuring The WebCT Quiz
In the following I only discuss a few of the 17 areas numbered above, many of these areas are covered in other sources about WebCT CE 4.x. I only cover those that are directly relevant to monitoring a quiz in a lab.
Controlled release of quizzes
Controlled release to specific students
- You can release quizzes to the whole class or to only a subsection of the class, even to just one person.
- Even though you can control release to one account, more than one person can sign into an account (all using the same student/WebCT ID). So, a student could sign into a quiz, and have their bright friend in Timbuktu sign in at exactly the same time and complete the quiz for them, while the student sits in front of the workstation appearing to do the work. The best way to stop this is by controlling the IP Address, and setting and changing the password.
Controlled release to an IP address
To reduce the risk that more than one person signs into the same account/quiz, you can release quizzes to a single IP address or to a range of IP address. This at least prevents the person in Timbuktu from accessing the quiz.
Controlled release by quiz password
You can set a password to allow entry into a quiz. With this setting, the quiz cannot be started without the password. Not only does this assist to control unauthorized access to the quiz, it also gives you the power to force everyone to start the quiz at approximately the same time. This option combined with the release by User ID and the release by IP address can significantly reduce the possibility of unauthorized access.
Change the password during the quiz and deny access
During the quiz, I usually reset the password as soon as everyone is into the quiz, which effectively prevents anyone new from signing in. This helps to prevent someone signing-on from a remote site (if you didn’t restrict access by the IP address and they were emailed the current password by someone taking the quiz), especially someone who was authorized to do the quiz but did not show up.
Security Issues for totally online courses
Obviously, the security issues for totally online courses are quite different than for face-to-face courses. There is a fair amount of literature on this topic. Most universities and colleges have testing centres, and for a fee you can have students invigilated during an exam. I have done this with students taking my online logic course. These students arranged with a testing centre to use an Internet-enabled computer for completing their exams. An invigilator was also present. However, you still need to create an exam that is more demanding and that could not be easily completed by cheating. In testing centres, you seldom have the ability to check out the computer system the student uses for the exam, or to specify that there must be a secure browser.